Fix UI vulnerabilities (#700)

* chore: upgrade pnpm * chore: upgrade axios * chore: update vulnerabilities * fix: CI PNPM versions
percona · Sep 19, 2024 · 7a6dd89 · 7a6dd89
1 parent 32c85ff
commit 7a6dd89
Show file tree

Hide file tree

Showing 9 changed files with 6,831 additions and 7,213 deletions.
diff --git a/.github/workflows/dev-build.yaml b/.github/workflows/dev-build.yaml
@@ -7,7 +7,7 @@ on:
       - main
 
 env:
-  NODE_OPTIONS: '--max_old_space_size=4096'
+  NODE_OPTIONS: "--max_old_space_size=4096"
 
 jobs:
   build:
@@ -17,17 +17,17 @@ jobs:
         uses: actions/checkout@v4
         with:
           lfs: true
-          ref: 'main'
+          ref: "main"
 
       - uses: pnpm/action-setup@v3
         with:
-          version: 8
+          version: 9.4.0
 
       - name: Run with Node 20
         uses: actions/setup-node@v4
         with:
           node-version: 20.x
-          cache: 'pnpm'
+          cache: "pnpm"
           cache-dependency-path: ui/pnpm-lock.yaml
 
       - name: Build Everest Frontend app
@@ -38,7 +38,7 @@ jobs:
 
       - uses: actions/setup-go@v5
         with:
-          go-version-file: './go.mod'
+          go-version-file: "./go.mod"
 
       - name: Build Everest
         run: |
@@ -68,17 +68,17 @@ jobs:
         uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: "perconalab/everest:0.0.0"
-          format: 'table'
-          exit-code: '1'
-          severity: 'CRITICAL,HIGH'
+          format: "table"
+          exit-code: "1"
+          severity: "CRITICAL,HIGH"
   scan:
     runs-on: ubuntu-latest
     needs: [build]
     steps:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.24.0
         with:
-          image-ref: 'docker.io/perconalab/everest:0.0.0'
-          format: 'table'
-          exit-code: '1'
-          severity: 'CRITICAL,HIGH'
+          image-ref: "docker.io/perconalab/everest:0.0.0"
+          format: "table"
+          exit-code: "1"
+          severity: "CRITICAL,HIGH"
diff --git a/.github/workflows/dev-fe-e2e.yaml b/.github/workflows/dev-fe-e2e.yaml
@@ -18,7 +18,7 @@ jobs:
           ref: ${{ github.event.pull_request.head.sha }}
       - uses: pnpm/action-setup@v3
         with:
-          version: 8
+          version: 9.4.0
 
       - name: Use Node
         uses: actions/setup-node@v4
@@ -75,7 +75,7 @@ jobs:
           --operator.xtradb-cluster \
           --skip-wizard \
           --namespaces everest-ui
-          
+
           kubectl patch sub everest-operator -n everest-system -p '
             [{
                 "op": "add",

diff --git a/.github/workflows/dev-fe-gatekeeper.yaml b/.github/workflows/dev-fe-gatekeeper.yaml
@@ -3,16 +3,16 @@ name: FE CI Gatekeeper
 on:
   push:
     paths:
-      - 'ui/**'
-      - '.github/workflows/dev-fe-gatekeeper.yaml'
-      - '.github/workflows/dev-fe-e2e.yaml'
+      - "ui/**"
+      - ".github/workflows/dev-fe-gatekeeper.yaml"
+      - ".github/workflows/dev-fe-e2e.yaml"
     branches:
       - main
   pull_request:
     paths:
-      - 'ui/**'
-      - '.github/workflows/dev-fe-gatekeeper.yaml'
-      - '.github/workflows/dev-fe-e2e.yaml'
+      - "ui/**"
+      - ".github/workflows/dev-fe-gatekeeper.yaml"
+      - ".github/workflows/dev-fe-e2e.yaml"
     types: [opened, synchronize]
 
 permissions:
@@ -23,7 +23,7 @@ permissions:
   repository-projects: read
 
 env:
-  NODE_OPTIONS: '—-max_old_space_size=4096'
+  NODE_OPTIONS: "—-max_old_space_size=4096"
 
 jobs:
   cache_pnpm:
@@ -38,14 +38,14 @@ jobs:
 
       - uses: pnpm/action-setup@v3
         with:
-          version: 8
+          version: 9.4.0
 
       - name: Use Node
         uses: actions/setup-node@v4
         with:
           node-version: 20.x
-          cache: 'pnpm'
-          cache-dependency-path: 'ui/pnpm-lock.yaml'
+          cache: "pnpm"
+          cache-dependency-path: "ui/pnpm-lock.yaml"
 
       - name: Install dependencies
         run: cd ui && make init
@@ -55,7 +55,7 @@ jobs:
     needs: cache_pnpm
     strategy:
       matrix:
-        action: ['lint', 'format', 'test', 'build']
+        action: ["lint", "format", "test", "build"]
     defaults:
       run:
         working-directory: ui
@@ -68,13 +68,13 @@ jobs:
           ref: ${{ github.event.pull_request.head.sha }}
       - uses: pnpm/action-setup@v3
         with:
-          version: 8
+          version: 9.4.0
       - name: Use Node
         uses: actions/setup-node@v4
         with:
           node-version: 20.x
-          cache: 'pnpm'
-          cache-dependency-path: 'ui/pnpm-lock.yaml'
+          cache: "pnpm"
+          cache-dependency-path: "ui/pnpm-lock.yaml"
 
       - run: make init
 
@@ -104,7 +104,7 @@ jobs:
       - uses: stefanzweifel/git-auto-commit-action@v5
         if: steps.check_changes.outputs.changes == 'true' && github.event_name == 'pull_request'
         with:
-          commit_message: 'chore: lint/format'
+          commit_message: "chore: lint/format"
 
   permission_checks:
     runs-on: ubuntu-20.04
@@ -143,5 +143,5 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           interval: 45
           timeout: 300
-          ignored: 'license/snyk (Percona Github Org), security/snyk (Percona Github Org)'
+          ignored: "license/snyk (Percona Github Org), security/snyk (Percona Github Org)"
           ref: ${{ github.event.pull_request.head.sha || github.sha }}